A is the funder, B is the fundee.
A initiates the process but B doesn't want its outputs to be snooped easily.
One solution could be to require A to provide signed and broadcastable transactions in order to know about B's utxos.
This can be done with SIGHASH_SINGLE|SIGHASH_ANYONECANPAY, which signs only one input and the corresponding output, so A signs its funding to the channel and can be sure that the created output is the P2WSH multisig used to fund the channel.
One downside of this is that it doesn't allow for change on A's side. This can be solved by using a chain of (segwit) transactions.
A creates a first tx, let's call it txA1, containing an arbitrary number of its inputs and of change outputs:

txA1 (SIGHASH_ALL)
 _________________________________
| A's input 1    | A's utxo 1     |
|----------------|----------------|
| A's input 2    | A's change     |
|----------------|----------------|
| A's input n    |
|________________|

A doesn't broadcast txA1 but can safely give it to B (A owns all the utxos). A then uses the first txA1 output to fund the funding transaction, which we'll call txA2.

txA2 (SIGHASH_SINGLE|SIGHASH_ANYONECANPAY)
 ___________________________________
| txA1 vout 0    | multisig with B  |
|________________|__________________|

If B fulfills the value requirements, it can then broadcast this transaction so A cannot probe B without a stake in the game.
FIXME describe first commitment exchange
Moreover, B can add any change output, so it doesn't need another transaction.
All this comes at the cost of more setup fees, but it seems to be a lesser evil.
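
Added example (not part of the original note): a Python sketch of the BIP143 signature digest, showing that A's SIGHASH_SINGLE|SIGHASH_ANYONECANPAY signature on txA2 commits to the same digest before and after B appends its own input and change output, while any change to the multisig output alters it. The txids, scripts and amounts are constructed placeholders, and the helper names are hypothetical.

```python
import hashlib
from struct import pack

SIGHASH_ALL, SIGHASH_NONE, SIGHASH_SINGLE, SIGHASH_ANYONECANPAY = 1, 2, 3, 0x80

def dsha(b):
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def varstr(b):  # compact-size prefix; every script here is shorter than 0xfd bytes
    return bytes([len(b)]) + b

def ser_out(value, spk):
    return pack("<q", value) + varstr(spk)

def outpoint(txin):
    return txin[0] + pack("<I", txin[1])

def bip143_sighash(tx, idx, script_code, amount, hashtype):
    """BIP143 digest that the signature on segwit v0 input `idx` commits to."""
    acp, base, zero = hashtype & SIGHASH_ANYONECANPAY, hashtype & 0x1f, bytes(32)
    ins, outs = tx["ins"], tx["outs"]
    h_prev = zero if acp else dsha(b"".join(outpoint(i) for i in ins))
    h_seq = zero if acp or base in (SIGHASH_NONE, SIGHASH_SINGLE) else dsha(
        b"".join(pack("<I", i[2]) for i in ins))
    if base == SIGHASH_SINGLE:  # only the output at the same index is committed
        h_out = dsha(ser_out(*outs[idx])) if idx < len(outs) else zero
    else:
        h_out = zero if base == SIGHASH_NONE else dsha(b"".join(ser_out(*o) for o in outs))
    return dsha(pack("<i", tx["version"]) + h_prev + h_seq + outpoint(ins[idx])
                + varstr(script_code) + pack("<q", amount) + pack("<I", ins[idx][2])
                + h_out + pack("<I", tx["locktime"]) + pack("<I", hashtype))

# Constructed placeholders: txids, scripts and amounts are not real.
TXA1_ID, B_TXID = b"\xaa" * 32, b"\xbb" * 32
A_SCRIPT_CODE = bytes.fromhex("76a914" + "11" * 20 + "88ac")  # P2WPKH scriptCode
MULTISIG_SPK = bytes.fromhex("0020" + "22" * 32)              # P2WSH funding output
B_CHANGE_SPK = bytes.fromhex("0014" + "33" * 20)

def txa2(with_b=False, funding_spk=MULTISIG_SPK):
    tx = {"version": 2, "locktime": 0,
          "ins": [(TXA1_ID, 0, 0xFFFFFFFF)], "outs": [(150_000, funding_spk)]}
    if with_b:  # B appends after index 0 so A's input/output pairing is kept
        tx["ins"].append((B_TXID, 1, 0xFFFFFFFF))
        tx["outs"].append((39_000, B_CHANGE_SPK))
    return tx

def digest_for_a(tx, hashtype):  # A's input is txA1 vout 0, assumed worth 100_000 sat
    return bip143_sighash(tx, 0, A_SCRIPT_CODE, 100_000, hashtype)
```

The funding output is larger than A's input, so txA2 only becomes valid once B adds inputs of its own; nVersion and nLockTime remain committed, so B cannot change those.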